Enhanced Survivability

Should a customer’s network outage or a cloud outage prevent users at that site from connecting to Webex Calling Dedicated Instance, the Enhanced Survivability Node actively takes over the call routing responsibility. The Enhanced Survivability Node will process all Intra-site, PSTN, and Emergency calls for the users on that site during the outage.

The Enhanced Survivability Node is used when:

There is a customer network outage – e.g., WAN or ISP outage.
The Dedicated Instance Calling service is unavailable.

Overview

A Unified CM node deployed in the Customer’s data center connects to the Dedicated Instance Unified CM Cluster as an Enhanced Survivability Node.

During a survivability event, all the devices and third-party integrations that support the Enhanced Survivability Node will failover.

Key specifications for an Enhanced Survivability Node include:

A maximum of 8 Enhanced Survivability Nodes can be deployed in a single Unified CM cluster.
The round-trip time (RTT) between the Unified CM cluster in Dedicated Instance and the enhanced survivability node should be equal to or less than 200 milliseconds.
A maximum of 7500 devices can be registered on the Enhanced Survivability Node during an event of Survivability.
The feature is supported only on Edge or Partner Connect, cloud connectivity options.
Deploy the PSTN Local Gateway in the site for the PSTN routing of Emergency and PSTN calls.
On-net calling is possible only between devices that are registered to the same ESN and for other calls, it must be routed through the PSTN Local Gateway.
The Enhanced Survivability Node is added only as the tertiary node in the Unified CM group. Hence, you must make sure the integrations and devices/clients support the tertiary TFTP or ESN IP configurable in the application.

The following table compares features between SRST and the Enhanced Survivability Node:

Enhanced Survivability Node Prerequisites

Firewall, DNS, and proxy server settings must be completed before continuing with the enhanced survivability node installation and activation.

The customer’s firewall should allow the following ports before starting the activation of Enhanced Survivability Node in the Control Hub.

*ESN: Enhanced Survivability Node.

List of ports to be allowed in the customer firewall‍

Protocol	TCP/UDP	Source	Destination	Source Port	Destination Port	Direction	Purpose
SFTP SSH	TCP	ESN and Cisco monitoring Tool	Unified CM	Greater than 1023	22	Bidirectional	Cisco requires the port to install a COP file to convert the publisher node installed on-premises to ESN. It’s also used for executing commands on ESN during the activation process. To collect Call Detailed Record post a survivability event.
NTP	UDP	ESN	Unified CM	Greater than 1023	123	Bidirectional	Clock sync to publisher in Dedicated Instance cloud.
SNMP	UDP	Cisco Monitoring Tool	ESN	Greater than 1023	161	Bidirectional	SNMP service response (requests from management applications)
SNMP	UDP	ESN	Cisco Monitoring servers	Greater than 1023	162	Bidirectional	SNMP traps
HTTPS	TCP	Cisco monitoring, management servers	ESN	Greater than 1023	443	Bidirectional	Communications between subscriber to publisher, Used for Cisco User Data Services (UDS) requests, admin UI to Unified CM, Unified CM to CSSM
Syslog	UDP	ESN	Cisco Monitoring servers	Greater than 1023	514	Bidirectional	Monitoring
Cisco AMC Service	TCP	ESN	Unified CM	Greater than 1023	1090	Bidirectional	Monitoring
Cisco AMC Service	TCP	ESN	Unified CM	Greater than 1023	1099	Bidirectional	Monitoring
Database Connection	TCP	ESN	Unified CM	Greater than 1023	1500	Bidirectional	Database Replication between the Dedicated Instance Unified CM cluster and ESN.
Database Connection	TCP	ESN	Unified CM	Greater than 1023	1501	Bidirectional	Database Replication, secondary connection
Database Connection	TCP	ESN	Unified CM	Greater than 1023	1510	Bidirectional	Database Replication CAR Cisco Identity Service DB. CAR Cisco Identity Service engine listens on waiting for connection requests from the clients.
Database Connection	TCP	ESN	Unified CM	Greater than 1023	1511	Bidirectional	Database Replication, CAR Cisco Identity Service DB. An alternate port used to bring up a second instance of CAR Cisco Identity Service during upgrade.
Database Connection	TCP	ESN	Unified CM	Greater than 1023	1515	Bidirectional	Database replication between nodes during installation.
Cisco Extended Functions DB Replication	TCP	ESN	Unified CM	Greater than 1023	2551	Bidirectional	Database Replication within the cluster for communication between Cisco Extended Services for Active/Backup.
Cisco Extended Functions DB Replication	TCP	ESN	Unified CM	Greater than 1023	2552	Bidirectional	Database Replication. Allows subscribers to receive Unified CM database change notification
RIS server	TCP	ESN	Unified CM	Greater than 1023	2555	Bidirectional	Monitoring, Real-time Information Services (RIS) database server
RIS client	TCP	ESN	Unified CM	Greater than 1023	2556	Bidirectional	Monitoring, Real-time Information Services (RIS) database client for Cisco RIS
CTI	TCP	ESN	Unified CM	Greater than 1023	2748	Bidirectional	Call Control, CTI application server
Trunk-based SIP service	TCP	ESN	Unified CM	Greater than 1023	5060	Bidirectional	SIP service
Trunk-based SIP service	TCP	ESN	Unified CM	Greater than 1023	5061	Bidirectional	SIP service
Database change notification	TCP	ESN	Unified CM	Greater than 1023	8001	Bidirectional	Database Replication
SDL	TCP	ESN	Unified CM	Greater than 1023	8002	Bidirectional	Call Control
SDL (CTI)	TCP	ESN	Unified CM	Greater than 1023	8003	Bidirectional	Call Control
Diagnosis	TCP	ESN	Unified CM	Greater than 1023	8080	Bidirectional	Monitoring, Communication between servers used for diagnostic tests.
Cisco Control Center between Nodes	TCP	ESN	Unified CM	Greater than 1023	8443	Bidirectional	Cisco Control Center between Nodes.
Monitoring	TCP	Cisco Monitoring Tool	ESN	Greater than 1023	8443	Bidirectional	Monitoring
Intra-Cluster Replication	TCP	ESN	Unified CM	Greater than 1023	8500	Bidirectional	Database Replication, Intracluster replication of system data by IPSec Cluster Manager
Location Bandwidth Manager	TCP	ESN	Unified CM	Greater than 1023	9004	Bidirectional	Call Control, Intracluster communication between LBMs
Secure Web socket	TCP	ESN	Unified CM	9560	n/a	Bidirectional	LPNS notification from DI cloud
Connectivity Validation	ICMP	ESN	Unified CM	n/a	n/a	-	Ping

Permitted IPs in the Firewall

The following IP addresses need to be added to the Customer’s firewall for the Enhanced Survivability Nodes to communicate with the monitoring tools deployed in Dedicated Instance.

DNS Requirements

Customers need to configure conditional forwarders in the customer’s internal DNS servers towards the Dedicated Instance DNS to allow resolution of cloud devices. For more information regarding the Dedicated Instance DNS server IPs, refer to DNS requirements. To support failover to the ESN, the customer must also configure pinpoint DNS entries. These entries are site specific and will allow devices to find the correct address of the local ESN based on the source IP Address.

During the survivability event, hard devices and already logged in soft devices, will failover to the tertiary entry in the CallManager Group, the ESN node. The local DNS will respond with the correct address based on the pinpoint entry, a record for the ESN.

For example, esn-hostname.cust1.amer.wxc-di.webex.com - A record mapped to local IP

Soft clients that need to complete service discovery need to resolve the _cisco-uds._tcp SRV record. To ensure that the correct response is returned for the local ESN node this needs to be site specific, it should be resolved based upon the source IP Address of the query, listing A records for the DI cloud and the local ESN. For example,

_cisco-uds._tcp.cust1.amer.wxc-di.webex.com – SRV record mapped as follows

cXXXX011ccm4.cust1.amer.wxc-di.webex.com priority 10 weight 10

cXXXX021ccm5.cust1.amer.wxc-di.webex.com priority 10 weight 10

esn-hostname.cust1.amer.wxc-di.webex.com priority 20 weight 10

To create PinPoint entries in a Microsoft DNS, that resolve based on the device source IP address, use Resolution Policies and Zone Scopes. If you are using BIND this is achieved using Views.

Proxy Settings

The enhanced Survivability node has a module that needs to register to Cisco's telemetry cloud. This requires the node to reach the cloud over the Internet. For the same, there can be proxy servers used or not.There are three different options to configure the Enhanced Survivability Node to reach the Cisco Cloud:

If you do not have a proxy to reach the Internet, then the Enhanced Survivability Node can reach the Cisco Cloud directly without any proxy server

You configure the proxy server settings in the Enhanced Survivability Node.

You provide the proxy server details in the Control Hub Enhanced Survivability activation form, and we configure the proxy server details in the Enhanced Survivability Node during the activation.

If a proxy server is present on the customer’s site, then the following URLs need to be allowed in the Firewall > Proxy server and firewall:

Visualization Specification

Enhanced Survivability for Webex Calling Dedicated Instance requires Unified CM version of v14 SU3 or above.

9951, 8861, 8961, and 7861 phone models display the survivability event text “Service Interruption. Few features may not be available currently” during the failover in the survivability event.

The following are the OVA specifications for the Enhanced Survivability Node:


Supported Versions of VMware vSphere ESXi= 6.7, 7.0 U1
Application	OVA Size	Virtual Machine Configuration Requirements
Application	OVA Size	vCPU	Physical CPU Base Frequency	vRAM	vDisk	vNIC
Enhanced Survivability Node	Medium	2	2.50+ GHz	8 GB	1 x 110 GB	1 (1GbE+)

Enable LPNS in the Dedicated Instance Unified CM cluster for your Apple iOS devices to get notifications during the survivability event.

Enable Enhanced Survivability

Enhanced Survivability feature supports Webex App 43.6 version and above.

Once the Enhanced Survivability feature has been added to the subscription, you must enable the feature for a particular region in Control Hub, where the Enhanced Survivability Node will be deployed.