

  • Number of slides: 49

TOI Unity 5.0(1)
© 2006 Cisco Systems, Inc. All rights reserved.

TOI Unity 5.0(1)
TOI for Secure Messaging
Erich Von Normann, Unity Development, evonnorm@cisco.com

Introduction to TOI for Secure Messaging
Unity 5.0(1) extends the Confidential Messaging feature that was introduced in Unity 4.0(5) by allowing all messages to be secured and accessible over the TUI, VMO, and Unity Inbox. It is an important feature which involves many Unity components, and it is critical that Cisco TAC understands how it works and knows how to support it. This module will include detailed descriptions of the purpose for Secure Messaging, how it works, and how to troubleshoot and support it.

Module Objectives
After completing this module you will be able to:
§ Describe the purpose of Secure Messaging and understand why we designed it the way we did
§ Describe the related feature of Message Aging
§ Describe which Unity components are affected by the feature and the role of each component in the feature
§ Describe the current limitations of Secure Messaging
§ Describe the AD Schema Extensions associated with Secure Messaging and Unity 5.0
§ Troubleshoot customer problems with Secure Messaging

Agenda
§ Purpose of Secure Messaging
§ Technical Details of the Design
§ Instructions on Troubleshooting
§ Demos of diagnostics

Intent of Secure Messaging
What is the purpose of this feature?
§ Make it as difficult as possible for Unity subscribers to do the following:
  – Accidentally or intentionally forward voicemail messages to third parties outside the messaging system.
  – Accidentally or intentionally violate a customer’s voicemail retention policy.
§ There have been a number of cases where an employee of a company accidentally or intentionally forwarded a confidential voicemail outside the company.
§ Preventing that from occurring is a key feature for many large companies, particularly in the financial sector.

Design of Secure Messaging
How does the feature meet these goals?
§ Unity encrypts the audio data in a voicemail message in such a way that access to a private key stored on the Unity server is required before the message can be decrypted and played.
§ If a subscriber forwards a voicemail message outside the Unity organization, it will not be decryptable, so the recipient will not be able to play it back.
§ The only methods that a subscriber can use to decrypt and play back secure messages are the Unity TUI, VMO, and Unity Inbox.
§ Other clients will not know how to decrypt the audio and will instead play back a decoy message which explains that it’s a secure message and will not be decrypted.
§ Secure Messaging is configured for the sending subscriber (not the receiving subscriber), and for messages from outside callers; if a site wants all messages secure, they can configure that via Bulk Edit.

Message Aging
What is it and why is it needed?
§ Message Aging refers to putting a time-bomb on a message, so that after a configurable period has passed, the message contents cannot be retrieved
§ Many companies have a message retention policy, and must comply with regulations such as Sarbanes-Oxley (SOX)
§ Messages can be downloaded to a client such as Outlook and it’s very hard to control deletion of such messages
§ Also, even messages in Exchange may not actually get deleted when an admin expects

Message Aging & Secure Messaging
What is the link between these two features?
§ Unity implements Message Aging on top of the Secure Messaging infrastructure
§ When Message Aging is enabled, the Unity server will create a new public/private key every day, and also delete the oldest private key from the system
§ This deletion of the private key is what renders a message undecryptable, and thus unable to be played back
§ Please note the following:
  – Message Aging will only apply to secure messages
  – Message Aging is disabled by default
  – Message Aging is granular to the nearest day, which means all messages recorded on a given day will expire at the same time

Confidential vs. Secure Messaging

Confidential Messaging | Secure Messaging
--- | ---
Introduced in Unity 4.0(5) | Introduced in Unity 5.0(1)
Only private messages can be encrypted | Encryption for each user is All, Private-Only, or None
Messages can only be encrypted and decrypted using the Unity TUI | Messages can also be encrypted and decrypted using VMO and Unity Inbox
Limited support for secure messages with VM Interop and remote locations | Enhancements to secure messaging for VM Interop and remote locations
Public/Private Keys must be managed manually, which makes Message Aging difficult to manage | A new Unity service creates and deletes Public/Private Keys and thus enables Message Aging.

Interoperability with earlier versions
§ Secure messages recorded in Unity 5.0 store the session keys in a different format than do confidential messages in Unity 4.x
  – This change was made to greatly speed up the decryption of the session key during playback
§ By default, secure messages from Unity 5.0 save the session keys in both the Unity 5.0 & 4.x formats, so that if a site has a mix of versions, Unity 4.x can play messages from Unity 5.0 (TUI only)
§ Similarly, Unity 5.0 can handle messages from a Unity 4.x server, and can play them back over the TUI or a PC Client
§ If a Unity 4.x sub installs VMO from Unity 5.0 on their Client PC, they will not be able to play secure messages, since VMO asks Unity to decrypt the session key and Unity 4.x can’t do that
§ If a site has only Unity 5.0, then for efficiency they can disable the function to save session keys in both 4.x & 5.0 formats via the Advanced Settings Tool (AST)

Limitations of Secure Messaging
§ Secure Messaging works only with Unity integrated with Microsoft Exchange, not with Lotus Domino
§ Secure messages can only be recorded and played back using the Unity TUI, VMO, and Unity Inbox
  – Support for CUPC and other Cisco clients is on the roadmap for the 2008 Unity release, but we have not yet EC-ed
§ Secure messages sent to and received from remote locations (such as 3rd-party VM systems) have several configuration options
§ Secure Messaging enforces that messages can only be played back by someone within the Unity organization, but it does not check whether the user is an intended recipient, just that the user is authenticated

Limitations of Message Aging
§ Message Aging is configured system-wide
  – Sites with multiple Unity servers must set it on each server
  – Cannot be configured differently for messages sent from different subscribers or on individual messages
§ Key pairs are deleted based on the count of active keys, not the number of days (usually the same, but not always); example:
  – A site has Secure Messaging, but not Message Aging
  – After 10 days, sets Message Aging to 30 days
  – No keys are deleted until 30 days pass, so the oldest messages will have been around for ~40 days
§ If a subscriber is out of the office for an extended period, a message may expire while it is still unread
§ System behavior can be odd with Message Aging of 1-2 days

Secure Messaging & Unity Connection
§ Unity Connection 2.0 supports Secure Messaging, but it’s quite different from (and simpler than) Unity 5.0’s feature:
  – Unity Connection has its own on-box message store, rather than an external message store like MS Exchange
  – Unity Connection doesn’t support secure messages to 3rd-party clients, only to Cisco clients that do not keep local copies
  – Unity Connection employs an Appliance Model, which means that system access is very restricted
§ Because of these differences, Unity Connection is a Closed Messaging System, and it does not need to encrypt messages in order to secure them or impose Message Aging
§ A thorough discussion of Unity Connection’s Secure Messaging feature is beyond the scope of this presentation

Unity Secure Messaging Components
§ New Components
  – CuMessageAgingSvr – New service to manage keys and certificates, including expiration of old certificates
  – CuSessionKey – Runs inside the AvMMProxySvr service, and handles encryption/decryption of the Session Key for TUI & Clients
§ Modified Components
  – Miu / AvWav – Does decryption-on-a-stream during playback (previously, the TUI decrypted the entire message before playing)
  – VMO & Unity Inbox – Play & record secure messages
  – Voice Connector – Handles encryption of incoming messages and decryption of outgoing messages
  – WavCrypt – Provides encryption/decryption services to other components, enhanced for Client/Server functionality

Details of Design (CuMessageAgingSvr)
§ A new Unity service (CuMessageAgingSvr) manages the keys
  – It will create a Public/Private Key pair. If Message Aging is enabled, this happens once per day at 12 AM GMT, at which time it also deletes the oldest Private Key
  – It will store the new Public Key in a local MS Access database (Commserver\CertData\CERTData.mdb). If Message Aging is enabled, the Public Key corresponding to the Private Key that was deleted will be marked as deleted
  – It will also publish the Public Key to AD, where other Unity servers in the forest will sync it down and store it in their SQL Servers table; only the most recent Public Key from each server will be stored in SQL – the older one will be overwritten
§ Replaces & supersedes the old AssignConfCert utility from previous versions of Unity, and also migrates older 4.x keys from the registry to the Access database.
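Worked simulation (added here, not Cisco code) of the key bookkeeping on this slide and the Limitations of Message Aging slide: key pairs are opaque serial numbers, one pair exists at install, one new pair per day once aging is on, the oldest is deleted by active-key count, and a message whose pair is gone reports expired. It reproduces the 10-day/30-day scenario (~40 days) and the Tools-slide caveat that restoring a key backup revives expired messages.

```python
"""Simulation of the CuMessageAgingSvr key bookkeeping on these slides.
Added example, not Cisco code. Key pairs are opaque serial numbers: the point is
when a pair is created, when the oldest private key is deleted (by active-key
COUNT once Message Aging is on), and that a message whose key is gone is expired."""
from __future__ import annotations

import copy
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class KeyRecord:
    serial: int
    created: date
    deleted: bool = False  # CertData.mdb keeps the public key flagged deleted; private key is gone


@dataclass
class SecureMessage:
    recorded: date
    key_serial: int  # pair whose public key wrapped this message's session key


@dataclass
class MessageAgingSvr:
    aging_days: int | None = None  # None = Message Aging disabled (the default)
    keys: list[KeyRecord] = field(default_factory=list)

    def active_keys(self) -> list[KeyRecord]:
        return [k for k in self.keys if not k.deleted]

    def daily_run(self, today: date) -> None:
        """The 12 AM GMT job: create a pair (daily only with aging on; otherwise a
        single pair at install), then delete the oldest private key while more than
        aging_days pairs are active. Message dates play no part in the decision."""
        if self.aging_days is not None or not self.keys:
            self.keys.append(KeyRecord(serial=len(self.keys) + 1, created=today))
        if self.aging_days is None:
            return
        active = self.active_keys()
        while len(active) > self.aging_days:
            active.pop(0).deleted = True

    def record(self, today: date) -> SecureMessage:
        """A secure message is wrapped with the newest key pair."""
        return SecureMessage(today, self.keys[-1].serial)

    def decrypt_session_key(self, msg: SecureMessage) -> str:
        """CuSessionKey's decision for the key header that names this server."""
        rec = next((k for k in self.keys if k.serial == msg.key_serial), None)
        if rec is None:
            return "error"    # no header wrapped for this server
        if rec.deleted:
            return "expired"  # TUI/VMO play the "message expired" prompt
        return "ok"


def days_until_expiry(days_before_aging: int, aging_days: int) -> int:
    """Day on which a message recorded on day 0 first reports expired, when the
    site turned Message Aging on days_before_aging days after going secure."""
    svc = MessageAgingSvr(aging_days if days_before_aging == 0 else None)
    day0 = date(2006, 1, 1)
    svc.daily_run(day0)
    msg = svc.record(day0)
    for n in range(1, 400):
        if n == days_before_aging:
            svc.aging_days = aging_days
        svc.daily_run(day0 + timedelta(days=n))
        if svc.decrypt_session_key(msg) == "expired":
            return n
    raise RuntimeError("message never expired")


def restore_revives(aging_days: int) -> tuple[str, str]:
    """Tools-slide caveat: importing an old key backup un-deletes the pair, so an
    expired message plays again. Returns (status before, status after restore)."""
    svc = MessageAgingSvr(aging_days)
    day0 = date(2006, 1, 1)
    svc.daily_run(day0)
    msg = svc.record(day0)
    backup = copy.deepcopy(svc.keys)  # e.g. a DiRT export taken on day 0
    for n in range(1, aging_days + 1):
        svc.daily_run(day0 + timedelta(days=n))
    before = svc.decrypt_session_key(msg)
    for rec in svc.keys:
        if any(b.serial == rec.serial for b in backup):
            rec.deleted = False
    return before, svc.decrypt_session_key(msg)
```

With aging on from day 0 a day-0 message expires on day 30; with aging switched on after 10 days it expires on day 39, matching the slide's "~40 days".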

Details of Design (TUI Encryption)
§ Here’s how a secure message is encrypted from the TUI:
  – A new Session Key is created for each secure message
  – The Session Key is used to encrypt the audio data, which is then stored in the message’s wave file
  – A new Unity component called CuSessionKey is called to encrypt the Session Key
    § The Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL
    § This list of Encrypted Session Keys is also stored in the wave file.
  – The decoy message is also stored in the wave file in such a way that 3rd-party media players will play it rather than the encrypted audio

Details of Design (TUI Decryption)
§ Here’s how a secure message is decrypted from the TUI:
  – The list of Encrypted Session Keys is extracted from the message’s wave file and passed to CuSessionKey
    § It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server
    § It then checks if that Public/Private Key has been deleted
  – If so, it returns an error to the TUI, which plays a prompt notifying the subscriber that the message is expired
  – If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the TUI
  – The TUI uses the Decrypted Session Key to decrypt the audio and play back the message
  – The Miu & AvWav can decrypt & play back one chunk at a time, rather than decrypt all chunks before playback can start

Details of Design (Client Encryption)
§ Here’s how a secure message is encrypted in VMO / Unity Inbox:
  – On the Client PC, a new Session Key is created
  – Still on the Client PC, this Session Key is used to encrypt the audio data, which is then stored in the message’s wave file
  – The Client PC makes a secure RPC connection to the Unity server’s CuSessionKey component to encrypt the Session Key
    § On the Unity server, the Session Key is encrypted using the Public Key of each Unity server, which is stored in SQL
    § This list of Encrypted Session Keys is passed back to the Client PC via secure RPC, which stores it in the wave file.
  – The decoy message is also stored in the wave file in such a way that 3rd-party media players will play it rather than the encrypted audio

Details of Design (Client Decryption)
§ Here’s how a secure message is decrypted in VMO / Unity Inbox:
  – On the Client PC, the list of Encrypted Session Keys is extracted from the message’s wave file and passed via secure RPC to the Unity server’s CuSessionKey component
    § It determines which Encrypted Session Key in the list was encrypted using its Public Key on the sending Unity server
    § It then checks if that Public/Private Key has been deleted
  – If so, it returns an error to the Client PC, which tells the subscriber that the message is expired
  – If not, it uses the Private Key to decrypt the Session Key, passing this Decrypted Session Key back to the Client PC via secure RPC
  – The Client PC uses the Decrypted Session Key to decrypt the audio and play back the message
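Added example (not Cisco's WavCrypt code) of the wave-file layout the four TUI/Client encryption and decryption slides describe: the standard data chunk holds the decoy so a 3rd-party player plays it, while the encrypted audio and the list of Encrypted Session Keys sit in extra RIFF chunks. The chunk ids 'cske' and 'cdat' and the header encoding are assumptions; the per-server header fields (ServerDirId, SerialNum, wrapped key) follow the AvMMProxySvr log later in this deck, and select_key_header is CuSessionKey's first decryption step, picking the entry wrapped for this server.

```python
"""Secure-message wave layout: decoy in 'data', secure payload in extra chunks.
Added example, not Cisco code; chunk ids 'cske'/'cdat' and the header encoding
are assumptions. The session-key wrapping itself (each server's public key) is
out of scope here, so wrapped_key is an opaque byte string."""
from __future__ import annotations

import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyHeader:
    server_dir_id: str  # DirectoryId of the Unity server whose public key wrapped the session key
    serial_num: bytes   # serial of that server's cert, so it knows which private key to use
    wrapped_key: bytes  # the session key encrypted for that server (opaque here)


def _chunk(cid: bytes, payload: bytes) -> bytes:
    """One RIFF chunk: 4-byte id, little-endian size, payload, pad byte if odd."""
    return cid + struct.pack("<I", len(payload)) + payload + (b"\0" if len(payload) % 2 else b"")


def _encode_headers(headers: list[KeyHeader]) -> bytes:
    out = struct.pack("<H", len(headers))
    for h in headers:
        for fld in (h.server_dir_id.encode("ascii"), h.serial_num, h.wrapped_key):
            out += struct.pack("<H", len(fld)) + fld
    return out


def _decode_headers(blob: bytes) -> list[KeyHeader]:
    (count,), pos = struct.unpack_from("<H", blob), 2
    headers = []
    for _ in range(count):
        fields = []
        for _ in range(3):
            (n,) = struct.unpack_from("<H", blob, pos)
            fields.append(blob[pos + 2:pos + 2 + n])
            pos += 2 + n
        headers.append(KeyHeader(fields[0].decode("ascii"), fields[1], fields[2]))
    return headers


def build_secure_wave(decoy_pcm: bytes, encrypted_pcm: bytes, headers: list[KeyHeader]) -> bytes:
    """What the TUI or the VMO client writes once the audio is encrypted and
    CuSessionKey has returned one wrapped session key per Unity server."""
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)  # PCM, mono, 8 kHz, 16-bit
    body = (b"WAVE" + _chunk(b"fmt ", fmt) + _chunk(b"data", decoy_pcm)
            + _chunk(b"cske", _encode_headers(headers)) + _chunk(b"cdat", encrypted_pcm))
    return b"RIFF" + struct.pack("<I", len(body)) + body


def riff_chunks(wave: bytes) -> dict[bytes, bytes]:
    """Walk the chunk list. A player that only understands 'fmt ' and 'data'
    skips the unknown chunks and plays the decoy; that is the whole trick."""
    if wave[:4] != b"RIFF" or wave[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    chunks, pos = {}, 12
    while pos + 8 <= len(wave):
        cid, size = wave[pos:pos + 4], struct.unpack_from("<I", wave, pos + 4)[0]
        chunks[cid] = wave[pos + 8:pos + 8 + size]
        pos += 8 + size + (size % 2)
    return chunks


def select_key_header(wave: bytes, my_server_dir_id: str) -> KeyHeader | None:
    """CuSessionKey's first step on decryption: from the list of encrypted session
    keys, pick the one wrapped with THIS server's public key (match by DirectoryId).
    None means no server in the list matches, so the message cannot be played here."""
    headers = _decode_headers(riff_chunks(wave)[b"cske"])
    return next((h for h in headers if h.server_dir_id == my_server_dir_id), None)


# Constructed sample values, not taken from any real system.
SAMPLE_HEADERS = [
    KeyHeader("srv-a-dirid", b"serial-A", b"session-key-wrapped-for-A"),
    KeyHeader("srv-b-dirid", b"serial-B", b"session-key-wrapped-for-B"),
]
SAMPLE_WAVE = build_secure_wave(b"decoy", b"ciphertext-bytes", SAMPLE_HEADERS)
```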

Details of Design (VM Interop)
§ Secure Messaging separates private and secure message flags
§ For secure messages sent to VPIM, Bridge, or AMIS locations:
  – Decrypt All – All secure messages are decrypted and sent
  – Decrypt Non-private – All non-private secure messages are decrypted and sent, while private messages are NDR-ed
  – Decrypt None – All secure messages are NDR-ed
§ For messages received from VPIM or Bridge locations:
  – Encrypt All – Accept all messages & encrypt them all
  – Encrypt Private – Accept all messages & encrypt private only
  – Encrypt None – Accept all messages & leave all unencrypted
§ Note: Messages received from AMIS locations are not encrypted (due to limitations in the AMIS protocol, the time to implement this was not worth our investment)

Details of Design (VM Interop, cont.)
§ IVC now includes its own CuMessageAgingSvr and an Access database for storing certificates
§ New Trusted Internet Subscribers and Trusted Internet Locations:
  – Problem: Messages sent to Internet Subscribers go directly through Exchange, so IVC can’t decrypt secure messages, so Internet Subs will always hear the decoy message
  – Solution: Messages sent to Trusted Internet Subscribers go through IVC, so messages are decrypted before being sent
  – Trusted Internet Locations have the same settings as VPIM – Decrypt & Send All, Non-private, or None
  – Note that Blind Addressing to Trusted Internet Subscribers is not supported

AD Schema Extensions
§ Unity 5.0 extends the Active Directory Schema in several ways
§ We made an effort to extend it in such a way that future Unity versions can add new data items to AD without another schema extension (hopefully)
  – There are several new AD attributes that are not yet used, but are intended to provide a framework for future changes
  – One of these new AD attributes stores a subscriber’s message encryption setting for messages sent from that subscriber – whether Unity encrypts all, private only, or none.

AD Schema Extensions – Details
§ There are 3 new AD Attributes that are intended to be lists of name:value pairs, which will allow new data items to be added in the format name1:value1;name2:value2;etc.
  – cisco-Ecsbu-Unity-Attributes: for non-indexed name:value pairs; Encryption:[0|1|2] is the subscriber encryption setting, with 0=None, 1=Private Only, and 2=All
  – cisco-Ecsbu-Unity-Attributes-Indexed: for indexed name:value pairs; not currently used
  – cisco-Ecsbu-Unity-Attributes-Encoded: for name:value pairs that will be stored encoded; not currently used
§ There is a new aux class called ciscoEcsbu-UM-Attributes for these attributes, which is now supported by the User, Group, Contact, and Location objects

AD Schema Extensions – Site Object
§ Unity 5.0 also introduces the concept of a Site Object, called ciscoEcsbu-UM-Site, which will be used to store site-wide data; it has the ciscoEcsbu-UM-Attributes aux class
§ Currently we do not store any data site-wide, but might in the future
§ Contains the new cisco-Ecsbu-UM-Schema-Version attribute, which designates the minimum Unity version for any server in the site, so a Unity can decide if it needs to be backwards-compatible
§ The intent is for any settings that should be the same for all Unity servers in an organization to be stored in one place
§ Some examples are Message Aging policy, Outside Caller Encryption settings, and lots of the AST settings
§ This implies that there would also be a site-wide SA/Config tool
§ Work to move settings to the Site Object is not yet committed, but at least the AD Schema won’t need to be extended if we do it

Tools Updates for Secure Messaging
§ Several Unity Tools have been updated for Secure Messaging:
  – Bulk Edit, CUBI, DiRT, DBWalker, GUSI, and others support the new subscriber encryption setting (encrypt all, private, or none), and also Trusted Internet Subscribers and Locations
  – DiRT also supports exporting and importing the public and private keys from/to the Access database and OS store
§ These keys can also be imported to a different Unity server, which means that if a site adds a new Unity later (perhaps a Failover server), then subs moved to that server can still listen to secure messages sent to them on the old server
§ Sites must be careful to delete old backups, since if they restore the keys, then previously expired messages will again be decryptable and thus can be played again!

Secure Messaging Setup & Config
§ Please consult the Securing Subscriber Messages chapter in the Security Guide for Cisco Unity for detailed instructions
§ Here are a few possible setup/config mistakes to look for:
  – Active Directory and Account permission problems – would prevent public keys from getting to other Unity servers
  – IP Port 5050 blocked – default port on the Unity server for Client PCs to ask it to encrypt/decrypt session keys
  – Inconsistent message aging policy – make sure that all Unity servers & IVCs have the same policy; it must be configured on each server, there isn’t a site-wide parameter
  – Problems with secure messages to/from remote subscribers – make sure IVC is configured for Secure Messaging, and that the delivery location is properly configured in Unity SA

Secure Messaging Troubleshooting
§ Please consult the Secure Messaging section of the Troubleshooting Guide for Cisco Unity 5.0
§ Make sure that unsecured messages are working correctly, so that you’re troubleshooting the right issue!
§ Make sure that the certificates for the Unity/IVC server are in CertData.mdb (and if Message Aging is enabled, make sure the count is correct) and in the OS store
§ Make sure that the public keys for all Unity servers are in the SQL Servers table, and for IVC, make sure that the public keys are in Active Directory (it goes directly to AD rather than SQL)
§ Make sure that CuMessageAgingSvr is running (it should be by default) – if it crashed, it won’t create new keys and age/delete older ones

Viewing Certs in the OS Store
§ To view the Certificates in the OS Store, use the Certificates MMC snap-in for the Local Computer (aka Computer Account)
§ To get details on a Certificate, right-click it and select Open

Viewing Certs in the Access DB
§ To view the Certificates in the Access DB, copy Commserver\CertData\CERTData.mdb to a computer with Microsoft Access and open it.
§ Sort the list by the Index column – you’ll see the Serial Number, the encoded Certificate (Access may truncate it since it’s a large data item), and whether it’s been deleted (expired)

Viewing Certs in Active Directory
§ To view the Certificates in AD, run ldp.exe
§ Run File > Bind with an admin account & then run View > Tree
§ Expand the root node, the Domain Controllers node, and then select the Unity system
§ The encoded Certificate is in ciscoEcsbuUMLocationObjectId

Viewing Certs in SQL Servers table
§ To view the Certificates in SQL, run SQL Query Analyzer
§ Using the UnityDb, run “select * from servers”
§ A list of all Unity & IVC servers should be the result
§ For each server, you’ll see the encoded Certificate in the EncryptionPublicKey column (SQL Query Analyzer might truncate it since it’s a large data item)

Troubleshooting for VMO & Unity Inbox
§ Make sure account credentials can access CuSessionKey
  – VMO – Configurable via Tools > Viewmail Options > SM Tab
  – Unity Inbox – Local account’s credentials
§ Unity Inbox with IE 6 or 7 – the first time CPCA is loaded on Unity 5.0, set “Download unsigned ActiveX Controls” to Prompt, so that you can install the MediaMaster Control (can disable afterwards)
§ VMO 5.0 does not support offline playback of secure messages!
  – By design – must access the Unity server to decrypt the session key
§ VMO 5.0 has a setting to support offline composition of messages – “Force Messages Secure”, customized in ViewMail.msi
    § 0 (Default) = Don’t ask Unity to encrypt, send unsecure
    § 1 = If can’t reach Unity, require to save & send secure later
    § 2 = If can’t reach Unity, give user the choice

Throttle for VMO Connections
§ Unity puts a throttle on the number of VMO Clients that may ask for session key encryption and decryption simultaneously, so a large number of connections doesn’t use too many CPU cycles
  – Only throttles requests to encrypt/decrypt session keys, not the encryption/decryption of the audio on the PC Client itself
  – If VMO gets a server-busy, it retries for up to 3 seconds
  – The throttle is set at 15 simultaneous connections, which was based on testing on a 7815 server – a sustained load of 15 connections added ~25% CPU load
  – Sites might want to allow more simultaneous VMO connections if subs get server-busy messages when Unity CPU% is low
  – The BU does not yet have hard data on how many should be allowed for more powerful servers, so if a site needs to increase this, TAC will need to escalate for assistance.
§ CPCA & Unity Inbox are already throttled via an AST setting

Secure Messaging Diagnostic Traces
§ In the Unity Diagnostic Tool, there are new macro traces for Secure Messaging, in 3 different categories:
  – Message Aging Service – traces for CuMessageAgingSvr, which will appear in diag_CuMessageAgingSvr_*.txt
  – Encryption & Decryption (High Level) – traces for the Conversation & Miu portions of the feature, which will appear in diag_AvCsMgr_*.txt
  – Encryption & Decryption (Low Level) – traces for WavCrypt and CuSessionKey, which will appear in diag_AvCsMgr_*.txt and diag_AvMMProxySvr_*.txt, respectively
§ There are additional micro traces for CuSessionKey, which can be enabled separately in UDT if needed

Secure Messaging Diagnostics (cont.)
§ To enable traces for the Voice Connector (IVC), set the Voice Connector logging level to 5 (Function) on the IVC, and the Secure Messaging traces will appear in the standard diag file
§ To enable traces on a Client PC for Secure Messaging issues with VMO or Unity Inbox:
  – Create the following registry keys under HKEY_CURRENT_USER\Software\Cisco Systems\Cisco Unity\Media Master: Trace, TraceRPCAPI, and TraceWavCrypto, and set all 3 keys to 1
  – Run a tool like DbgView.exe (from sysinternals.com) on the Client PC to capture the traces
  – Set the above keys to 0 (or delete them) to disable traces

Log of TUI Encryption (AvCsMgr)
// - Encryption begins
15:00:33:734 Starting to encrypt the message on line 1488 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:33:765 Encryption Engine Initialized on line 1516 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
// - Succeeded Creating Session Key
15:00:33:796 WavCryptoCreateSessionKey(...)
...
15:00:33:796 WavCryptoCreateSessionKey(...) - 0000
// - Succeeded Encrypting Audio Data
15:00:33:797 WavCryptoEncryptWithSessionKey(...)
...
15:00:33:906 WavCryptoEncryptWithSessionKey(...) - 0000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr! (see next slide)
15:00:34:218 WavCryptoSetKeyHeaders(...)
...
15:00:34:218 WavCryptoSetKeyHeaders(...) - 0000
// - Succeeded Saving Encrypted Session Keys
15:00:34:219 Encryption Process Complete on line 1942 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
15:00:34:312 Encrypted Stream was copied into the message on line 1950 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
15:00:34:313 Message property AVP_IS_ENCRYPTED set to TRUE on line 1308 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp
...
// - Committed Message to Exchange
15:00:34:468 Message data comitted on line 1429 of file E:\Views\CU5.0.0.294\un_Core2\ConversationEng\AvStateSvr\AvSMsgSend.cpp

Log of TUI Encryption (AvMMProxySvr)
// - RPC Binding & Authorization
15:00:33:938 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
...
15:00:33:937 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc Allowing access
// - EncryptSessionKeys begins
15:00:33:938 EncryptSessionKeys received incoming RPC call
...
// - Query SQL Servers Table
15:00:34:015 GetUnityServerInfo - Executing query select Alias DirectoryId EncryptionPublicKey from vw_servers where EncryptionPublicKey is not NULL
15:00:34:016 GetUnityServerInfo - Query complete
...
// - Server Name & DirectoryID
15:00:34:015 GetUnityServerInfo - Server 1 - Name LT-2708
15:00:34:016 GetUnityServerInfo - Server 1 - DirectoryId 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:031 GetUnityServerInfo - Retrieved 1 servers
...
// - Succeeded Encrypting Session Key in V1 Format
15:00:34:031 WavCryptoEncryptSessionKey(...)
...
15:00:34:110 WavCryptoEncryptSessionKey(...) - 0000
// - Writing ServerID and SerialNum to Output Param
15:00:34:109 EncryptSessionKeys WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_V1) returned: 0
15:00:34:110 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: 2a592d28cd7ee94b81baea9dc7a46899
15:00:34:125 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: lwvr9yw/70GFEG3gy2I/wQ==
// - Succeeded Encrypting Session Key in DL (downlevel, 4.x) Format
15:00:34:126 WavCryptoEncryptSessionKey(...)
...
15:00:34:203 WavCryptoEncryptSessionKey(...) - 0000
15:00:34:204 EncryptSessionKeys WavCryptoEncryptSessionKey(eENCRYPTED_CIPHER_KEY_DOWNLEVEL) returned: 0

Log of TUI Decryption (AvCsMgr Part 1)
// - Finds if Unencrypted, Encrypted, or Expired
15:00:49:968 COM CAvMiuCall::GetMediaCharacteristics(...) entered.
...
// - Message Playback – GUID to ID StreamList
15:00:49:968 Added to StreamListCache: StreamList for StreamID {C3A401E0-03E24892-BF22-0FE51FA302DB} (Size 1)
...
15:00:49:968 CAvMiuWave::DecryptSessionKey(...) entered.
// - File is Encrypted
15:00:49:969 WavCryptoFileIsEncrypted(...)
...
15:00:49:969 WavCryptoFileIsEncrypted(...) - 00000001
// - Extracted Encrypted Session Keys from File
15:00:49:968 WavCryptoGetKeyHeaders(...)
...
15:00:49:969 WavCryptoGetKeyHeaders(...) - 0000
// - This is when CuSessionKey code is executing -- see diag_AvMMProxySvr!
15:00:50:109 Stream 0x07187880 has MediaCharacteristics 0x00000002 (Encrypted)
// - CuSessionKey was able to Decrypt Session Key
15:00:50:110 CAvMiuWave::DecryptSessionKey(...) exited with success (0x0000).
...
15:00:50:109 COM CAvMiuCall::GetMediaCharacteristics(...) exited with HRESULT 0x0000 (S_OK).
...
// - Conversation plays appropriate prompts here: Message Expired, Error, or Message Headers

Log of TUI Decryption (AvMMProxySvr)

// RPC Binding & Authorization
15:00:50:032 RpcServerIfCallback - BindString[ncalrpc:LT-2708[CuSessionKeySvr]] SecurityContext[EVONNORM\UnityMsgSvc]
15:00:50:031 RpcServerIfCallback - Authorized context: EVONNORM\UnityMsgSvc Allowing access
// DecryptSessionKeys begins
15:00:50:032 DecryptSessionKeys received incoming RPC call
15:00:50:031 DecryptSessionKeys - Received list of 1 keys
// Found Matching ComputerID
15:00:50:032 DecryptSessionKeys - Processing Key#1 Key DirID: 2a592d28cd7ee94b81baea9dc7a46899 Computer DirID: 2a592d28cd7ee94b81baea9dc7a46899
15:00:50:031 DecryptSessionKeys - Found key#1 as local server key
// Found Cert in Cache from Access DB (the SerialNum is logged as raw bytes)
15:00:50:032 CDecryptCertCache::FindCertInCache - SerialNum — ë÷ ? ïA…. màËb? Á was Found
// Succeeded Decrypting Session Key
15:00:50:032 WavCryptoDecryptSessionKey(...)
15:00:50:109 WavCryptoDecryptSessionKey(...) - 0000
15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
15:00:50:109 DecryptSessionKeys returned 0x0000

Log of TUI Decryption (AvCsMgr Part 2)

// Notice that several seconds have passed while the conversation played its prompts
// - After Conversation plays appropriate prompts...
15:00:55:593 COM CAvMiuCall::Play(...) entered.
// Same StreamList ID as in Part 1
15:00:55:593 Found in StreamListCache: StreamList for StreamID {C3A401E0-03E2-4892-BF22-0FE51FA302DB} (Size 1)
15:00:55:593 CAvMiuWave::Play(...) entered.
// Pass Decrypted Session Key to WavCrypt
15:00:55:594 WavCryptoStoreSessionKey(...)
15:00:55:641 WavCryptoStoreSessionKey(...) - 0000
// Read Data from File
15:00:55:656 WavCryptoIORead(47648)
// Succeeded Decrypting Data with Session Key
15:00:55:656 CryptoDecryptDataWithSessionKey(...)
15:00:55:656 CryptoDecryptDataWithSessionKey(...) - 0000
15:00: 55:656 WavCryptoIOProc(uMessage=0) exited (47648)
15:00:55:657 MiuWave (Device 95): Play succeeded on operation WavPlay (0x0000).
// Wait for Play to Complete as normal
15:00:55:656 CAvMiuWave::Play() beginning WaitFor(WavStopped or StopRequested).

Log of IVC Message Encryption (Part 1)

// Message Encryption begins
14:06:10 This voice attachment will be encrypted
14:06:10 "EncryptVoiceMsg()": Enter
// Retrieving Servers from AD
14:06:10 Refreshing the cached Public key for all the Servers.
14:06:10 Search String: (&(objectCategory=Computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
// 6 Servers in this Environment
14:06:10 Current message attachment will be encrypted with the public keys of Unity and Voice Connector server(s): EXCHINTCUTY EXCHINTPUTY1 EXCHINTPUTY2 EXCHINTSDC EXCHINTSUTY UNITY (...)
14:06:10 "EncryptVoiceMsg()": Found public key for 6 Unity and Voice Connector server(s)
14:06:10 "CAvEncrypt::EncryptWavFile(...)": Enter
// Created New Session Key
14:06:10 WavCryptoCreateSessionKey(...)
14:06:10 WavCryptoCreateSessionKey(...) - 0000
// Succeeded Encrypting Audio Data
14:06:10 WavCryptoEncryptWithSessionKey(...)
14:06:10 WavCryptoEncryptWithSessionKey(...) - 0000
14:06:10 "CAvEncrypt::EncryptWavFile(...)": WavCryptoEncryptWithSessionKey Succeeded

Log of IVC Message Encryption (Part 2)

14:06:11 GetUnityServerInfoIvc - Retrieved 6 servers
14:06:11 EncryptSessionKeys - allocating Key Package size of 2270 bytes
// Succeeded Encrypting Session Key in V1 Format
14:06:11 WavCryptoEncryptSessionKey(...)
14:06:11 WavCryptoEncryptSessionKey(...) - 0000
// Writing ServerID and SerialNum to Output Param
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.szServerDirId to: FB2127FB07B91C47A517E04471710C7A
14:06:11 EncryptSessionKeys - Setting ENCRYPTED_KEY_V1.SerialNum to: J+7a1Hn/2ESdqJxEyGH/xg==
// Repeats for the other 5 servers.
// Succeeded Encrypting Session Key in DL Format
14:06:11 WavCryptoEncryptSessionKey(...)
14:06:11 WavCryptoEncryptSessionKey(...) - 0000
// Repeats for the other 5 servers.
14:06:11 "CAvEncrypt::EncryptWavFile(...)": EncryptSessionKeys Succeeded
// Succeeded Saving Encrypted Session Keys
14:06:11 WavCryptoSetKeyHeaders(...)
14:06:11 WavCryptoSetKeyHeaders(...) - 0000
// Message Encryption is done
14:06:11 "CAvEncrypt::EncryptWavFile(...)": Exit
14:06:11 "EncryptVoiceMsg()": Exit

Log of IVC Message Decryption (Part 1)

// This Location allows Outgoing Secure Message Decryption
14:05:53 Current Message attachment is : Encrypted.
14:05:53 The Voice message is Encrypted, SENSITIVITY is NOT PRIVATE, Option Flags =0X00400444. message Decryption is allowed.
14:05:53 Current Message attachment = VoiceMessage.wav is Encrypted, it will be decrypted
// Message Decryption begins
14:05:53 "DecryptVoiceMsg()": Enter Function
14:05:54 WavCryptoFileIsEncrypted(...)
14:05:54 WavCryptoFileIsEncrypted(...) - 00000001
14:05:54 "CAvEncrypt::DecryptWavFile(...)": Enter Function
// Extracted Encrypted Session Keys from File
14:05:54 WavCryptoGetKeyHeaders(...)
14:05:54 WavCryptoGetKeyHeaders(...) - 0000
// Retrieving Servers from AD
14:05:54 GetUnityServerInfoIvc - Executing Search (&(objectCategory=computer)(ciscoEcsbuObjectType=14)(ciscoEcsbuUMLocationObjectId=*))
14:05:54 GetUnityServerInfoIvc - Retrieved 2 servers
// Local ComputerID
14:05:54 GetComputerDirecoryId() - f228ef4b3d159945b88e6717404629b1

Log of IVC Message Decryption (Part 2)

// Found Matching ComputerID
14:05:54 DecryptSessionKeys - Received list of 2 keys
14:05:54 DecryptSessionKeys - Found key#2 as local server key
// Found Cert in Cache from Access DB
14:05:54 GetAccessCertData - Searching for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
14:05:55 FindAccessCertData - Found data for SerialNum: eNgEMWr+gkeWGQkTi9QG7w==
14:05:55 GetAccessCertData returned 0x0000
// Succeeded Decrypting Session Key
14:05:55 GetDecryptedV1Data entered
14:05:55 WavCryptoDecryptSessionKey(...) - 0000
14:05:55 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 0
14:05:55 DecryptSessionKeys returned 0x0000
// Succeeded Decrypting Audio Data
14:05:55 WavCryptoDecryptWithSessionKey(...) - 0000
14:05:55 "CAvEncrypt::DecryptWavFile(...)": WavCryptoDecryptWithSessionKey Succeeded
14:05:55 "CAvEncrypt::DecryptWavFile(...)": Exit Function
// Message Decryption is done
14:05:55 "DecryptVoiceMsg()": Exit Function

Log of PC Client Decryption

// Audio is Encrypted
3:18:31.764 PM IN  IsWavStreamEncrypted()
3:18:31.795 PM OUT IsWavStreamEncrypted() Yes
3:18:31.795 PM IN  CAvEncrypt::Init()
3:18:31.795 PM IN  CAvEncrypt::InitTrace()
3:18:31.795 PM OUT CAvEncrypt::InitTrace() (S_OK)
3:18:31.795 PM OUT CAvEncrypt::Init() (S_OK)
// Tries to reach the Unity server's CuSessionKey; includes credentials
3:18:31.795 PM IN  GetUserPasswordReg()
3:18:31.795 PM OUT GetUserPasswordReg() (S_OK)
3:18:31.795 PM IN  CAvEncrypt::OpenRPCConnection()
3:18:31.795 PM Enter OpenSessionKeyManager(HUJOHN-UNITY1:5050, AlexGates, hujohn-dom1)
3:18:31.795 PM TraceWriteStringW: GetBindingHandle - Created bind string(ncacn_ip_tcp:HUJOHN-UNITY1[5050])
// Succeeded Opening CuSessionKey
3:18:32.170 PM TraceWriteStringW: OpenSessionKeyManager(HUJOHN-UNITY1:5050) - Bind returned: 0x0000
3:18:32.170 PM OUT CAvEncrypt::OpenRPCConnection() (0x0000)
3:18:32.170 PM IN  CAvEncrypt::DecryptVoiceMsg()
3:18:32.170 PM IN  CAvEncrypt::DecryptWavFile()
3:18:32.170 PM IN  IsWavStreamEncrypted()
3:18:32.170 PM OUT IsWavStreamEncrypted() Yes
// Succeeded Getting Encrypted Session Keys from File
3:18:32.233 PM WavCryptoGetKeyHeaders Succeeded
// Succeeded Decrypting Session Key
3:18:32.686 PM TraceWriteStringW: DecryptSessionKeys returned: 0x0000
3:18:32.686 PM DecryptSessionKeys() done. (0x0000)
3:18:32.686 PM DecryptSessionKeys Succeeded
// Succeeded on Audio Decryption
3:18:32.842 PM WavCryptoDecryptWithSessionKey Succeeded
3:18:32.842 PM OUT CAvEncrypt::DecryptWavFile() (0x0000)
3:18:32.842 PM OUT CAvEncrypt::DecryptVoiceMsg() (0x0000)
3:18:32.858 PM Stream is decrypted successfully.
// Decryption complete, Playback begins

Unlike the TUI path, which reaches CuSessionKeySvr over local RPC as the UnityMsgSvc account, the PC client binds over the network (ncacn_ip_tcp to HUJOHN-UNITY1 on port 5050) and passes the subscriber's user name and domain (AlexGates, hujohn-dom1) read back by GetUserPasswordReg(). The private keys never leave the server: the client sends the encrypted session keys up and gets the decrypted session key back, then decrypts the audio locally. So a client that cannot reach that port, or whose credentials the server does not accept, fails at OpenRPCConnection, before any key material is involved; a non-zero "Bind returned" is the line to look for.
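A way to triage such traces mechanically, as an added example that is not a Cisco tool: it reports the furthest decrypt stage a trace reached and the first call that returned a non-zero status, using the function names and the "- 0000" / "returned: 0" / "(0x0000)" status forms visible in the AvCsMgr, AvMMProxySvr, IVC and client traces above. The two embedded traces are constructed for the example; the failing status 00000005 is invented and is not a documented Unity error code.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// stages are the points a successful decrypt passes through, in order; each
// pattern covers that stage's spelling in all four trace formats shown above.
var stages = []struct {
	name string
	re   *regexp.Regexp
}{
	{"is-encrypted", regexp.MustCompile(`FileIsEncrypted|IsWavStreamEncrypted`)},
	{"key-headers", regexp.MustCompile(`GetKeyHeaders`)},
	{"session-key", regexp.MustCompile(`DecryptSessionKey`)},
	{"audio", regexp.MustCompile(`Decrypt(Data)?WithSessionKey`)},
}

// statusRe picks the trailing status code in the forms the traces use:
// "- 0000", "returned: 0", "returned 0x0000" and "(0x0000)."; non-zero is a failure.
var statusRe = regexp.MustCompile(
	`(?:returned:?\s+|\s-\s)(?:0x)?([0-9A-Fa-f]{1,8})$|\(0x([0-9A-Fa-f]{4,8})\)\.?$`)

type verdict struct {
	Reached string // furthest decrypt stage seen ("none" if no stage appears)
	Failed  string // first line whose status code was non-zero, "" if none
}

func checkDecrypt(trace string) verdict {
	v, best := verdict{Reached: "none"}, -1
	for _, line := range strings.Split(trace, "\n") {
		line = strings.TrimSpace(line)
		for i, s := range stages {
			if i > best && s.re.MatchString(line) {
				best, v.Reached = i, s.name
			}
		}
		if stages[0].re.MatchString(line) {
			continue // its "- 00000001" is the boolean answer "encrypted", not an error
		}
		if m := statusRe.FindStringSubmatch(line); m != nil && v.Failed == "" {
			if strings.Trim(m[1]+m[2], "0") != "" {
				v.Failed = line
			}
		}
	}
	return v
}

// goodTrace is a constructed subset of the AvCsMgr lines shown above.
const goodTrace = `
15:00:49:969 WavCryptoFileIsEncrypted (...) - 00000001
15:00:49:969 WavCryptoGetKeyHeaders(...) - 0000
15:00:50:109 Stream 0x07187880 has MediaCharacteristics 0x00000002 (Encrypted)
15:00:50:110 CAvMiuWave::DecryptSessionKey (...) exited with success (0x0000).
15:00:55:656 CryptoDecryptDataWithSessionKey (...) - 0000`

// badTrace is constructed for the example; status 00000005 is invented, not a
// documented Unity error code.
const badTrace = `
15:00:49:969 WavCryptoFileIsEncrypted (...) - 00000001
15:00:49:969 WavCryptoGetKeyHeaders(...) - 0000
15:00:50:109 WavCryptoDecryptSessionKey (...) - 00000005
15:00:50:110 DecryptSessionKeys - WavCryptoDecryptSessionKey returned: 5`

func main() {
	fmt.Printf("%+v\n%+v\n", checkDecrypt(goodTrace), checkDecrypt(badTrace))
}
```

Feed it the AvCsMgr trace for a call that played "Message Expired" and it stops at session-key with the failing WavCryptoDecryptSessionKey line; feed it the matching AvMMProxySvr trace and the failing line is the server-side one, which is where the cause (no matching DirectoryId, or a SerialNum that is no longer in the cert store) is actually logged.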

Log of CuMessageAgingSvr

// Message Aging checks whether it has run yet today
08:55:25:859 Message Aging Service first run of the day.
// No key pair has been created yet today
08:55:25:860 Checking if key pair was already created today
...
08:55:26:015 No key pair created today. Creating one.
// We have 30 key pairs, so one must be aged out / deleted
08:55:26:062 At max key pair of: 30 will proceed to age messages
08:55:26:140 Removing Key pair from MyStore
...
// New key pair created
08:55:26:296 Creating a new key pair.
08:55:26:297 Creating new Key Pair.
...
// Publish it to AD
08:55:26:578 Updating Active Directory with new key pair
...
// Every 5 minutes and at start-up, checks whether it has run today
09:00:25:859 Message Aging Service has already run today.
09:05:25:859 Message Aging Service has already run today.
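The key handling that the EncryptSessionKeys / DecryptSessionKeys traces and the CuMessageAgingSvr trace above walk through, as an added example that is not Unity's code: one fresh session key per message, the audio encrypted under it, the session key wrapped once per recipient server and stored as a {szServerDirId, SerialNum, wrapped key} header, decryption by matching the local DirectoryId and then the SerialNum in the local cert store, and the daily aging step that retires the oldest of the 30 key pairs, which is what makes a message "Expired". AES-GCM, RSA-OAEP, the 32-byte session key, a serial derived from the modulus, and the names keyStore, rotate, encryptWav, decryptWav and the DirIDs such as "srv-a" are this example's assumptions; the traces do not state Unity's primitives, key sizes or serial-number format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// keyHeader is one per-server entry stored ahead of the audio (ENCRYPTED_KEY_V1 in the traces).
type keyHeader struct {
	ServerDirID, SerialNum string // addressee server, and which of its key pairs was used
	WrappedKey             []byte // the session key encrypted to that key pair
}

type serverKey struct { // what a sender reads from AD about each recipient server
	DirID, SerialNum string
	Pub              *rsa.PublicKey
}

// keyStore is one server's own key pairs by serial (the cert cache in the traces), oldest first.
type keyStore struct {
	DirID string
	Max   int // Unity's limit is 30 key pairs
	Keys  map[string]*rsa.PrivateKey
	Order []string
}

var errNotAddressed, errExpired = errors.New("no key header for this DirID"), errors.New("key pair aged out: message expired")

// rotate is the daily CuMessageAgingSvr step: at Max, retire the oldest pair first (which
// expires every message whose session key was wrapped only with it), then create a new one.
func (ks *keyStore) rotate(bits int) (created, retired string, err error) {
	if len(ks.Order) >= ks.Max {
		retired, ks.Order = ks.Order[0], ks.Order[1:]
		delete(ks.Keys, retired)
	}
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return "", "", err
	}
	created = hex.EncodeToString(priv.N.Bytes()[:8]) // serial: leading bytes of the modulus
	ks.Keys[created], ks.Order = priv, append(ks.Order, created)
	return created, retired, nil
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // callers pass a 32-byte key, so this cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// encryptWav: fresh session key, nonce-prefixed AES-GCM over the audio, then the session key
// wrapped once per recipient with RSA-OAEP. The traces name no primitives; these are assumptions.
func encryptWav(audio []byte, servers []serverKey) ([]keyHeader, []byte, error) {
	sess, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(sess)
	rand.Read(nonce)
	var hdrs []keyHeader
	for _, s := range servers {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.Pub, sess, nil)
		if err != nil {
			return nil, nil, err
		}
		hdrs = append(hdrs, keyHeader{s.DirID, s.SerialNum, w})
	}
	return hdrs, gcmFor(sess).Seal(nonce, nonce, audio, nil), nil
}

// decryptWav follows DecryptSessionKeys in the traces: take the header whose DirID is ours,
// look its SerialNum up in the local store, unwrap the session key, then decrypt the audio.
func decryptWav(hdrs []keyHeader, blob []byte, ks *keyStore) ([]byte, error) {
	for _, h := range hdrs {
		if h.ServerDirID != ks.DirID {
			continue
		}
		priv, ok := ks.Keys[h.SerialNum]
		if !ok {
			return nil, errExpired
		}
		sess, err := rsa.DecryptOAEP(sha256.New(), nil, priv, h.WrappedKey, nil)
		if err != nil || len(sess) != 32 || len(blob) < 12 {
			return nil, errors.New("wrapped session key or ciphertext rejected")
		}
		return gcmFor(sess).Open(nil, blob[:12], blob[12:], nil)
	}
	return nil, errNotAddressed
}

func main() { // stand-alone demo on constructed bytes, not a real WAV
	a := &keyStore{DirID: "srv-a", Max: 30, Keys: map[string]*rsa.PrivateKey{}}
	s, _, _ := a.rotate(2048)
	hdrs, blob, _ := encryptWav([]byte("constructed audio"), []serverKey{{a.DirID, s, &a.Keys[s].PublicKey}})
	audio, err := decryptWav(hdrs, blob, a)
	println(string(audio), err == nil)
}
```

The two failure paths a TAC engineer meets in the traces map onto the two named errors: errNotAddressed is the IVC case where no key header carries the local server's DirectoryId, and errExpired is the TUI "Message Expired" prompt, reached when the SerialNum in the header has been aged out of the store by rotate. Note that expiry in this scheme rests entirely on the private key being gone: any copy of a retired key pair that survives outside the server's store keeps the "expired" messages decryptable.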

Reference Documents

§ "Securing Subscriber Messages" chapter of the Security Guide for Cisco Unity 5.0: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html
§ Secure Messaging portion of the Cisco Unity Troubleshooting Guide: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_troubleshooting_guides_list.html
§ Other portions of the Cisco Unity Troubleshooting Guide for AD Permissions, VMO, Unity Inbox, and VM Interop/Networking
§ FFS for Secure Messaging: EDCS-513331
