What is a Dedicated Instance?

Introduction to Dedicated Instance (DI)

Without disrupting your business, you can move your calling and unified communications to the cloud. With features and integrations comparable to or superior to those of your on-premises systems and greater control over upgrades and integrations, it provides a cutting-edge user experience.

The DI add-on for Webex Calling includes:

• Cisco Unified Communications Manager
• Cisco Unified IM and Presence
• Cisco Unified Unity Connection
• Cisco Expressway
• Cisco Emergency Responder (Americas region only)
• Cisco Session Management Edition (SME) - based on approval from Cisco

Extended ROI – Dedicated Instance supports the same voice and video endpoints as the associated UC Manager release, eliminating the requirement to refresh all customer endpoints when migrating to the cloud and extending the ROI of these assets.

Basic Inter-Op – Dedicated Instance is integrated with Webex Calling for call routing through the Webex platform. Customers can distribute users across Dedicated Instance and Webex Calling and adjust over time to address their cloud calling business requirements.

Note: Customer administrators who split users across platforms will experience different features. The calling features aren’t harmonized between Dedicated Instance and Webex Calling. For example, Webex Calling users can’t be part of a hunt group on Dedicated Instance.

Simple Migration Path

Dedicated Instance for Webex Calling provides a simplified cloud migration path from legacy PBX and on-premises Unified Communications Manager systems.

Dedicated Instance alleviates the pain points associated with enterprise calling migrations to the cloud:

• No Disruptions – Dedicated Instance has the same features, functionality, user experience, and integration options supported by Unified Communications Manager deployed on-premises, including Jabber and Webex App support. This creates a frictionless migration to the cloud with no end-user or administrator training required for existing Unified Communications Manager customers. Dedicated Instances can be trunked to third-party PBXs, allowing new Cisco customers a flexible migration schedule.
• Customization – A dedicated private instance for every customer allows for a highly customizable cloud deployment, a unique differentiator from other cloud calling offers in the market. Dedicated Instance’s open APIs enable deep third-party application integrations allowing customers to build a calling environment that supports unique business workflows.
• Uncompromised Security – With Dedicated Instance, customer admins can access all the Unified Communications Manager security features for Endpoints and UC applications like encrypted media, secure SRST, and secure OTT registration using MRA.

In addition, customer admins have access to important physical security features like Cisco Survivable Remote Site Telephony (SRST) for site connectivity in the event network links go down and Cisco Emergency Responder and Nomadic E911 to ensure employees can be located by emergency responders when in the office or in a hybrid mode of work.

Availability

The Dedicated Instance service is available worldwide and can be purchased as an add-on for Webex Calling Flex Plan 3.0 in particular nations.

The same level of localization as our on-premise Unified Communications Manager is supported by Dedicated Instance. It has clients in more than 30 languages, a self-care portal available in 50 languages, and phone and gateway tones available in 82 countries.

Benefits

Customers of Unified Communications Manager who are already on-premises can take advantage of the following significant advantages when migrating to the cloud using Dedicated Instance:

• Dedicated Calling application instance in Webex Data Centers.
• Customizable Calling platform.
• Flexible, quickly scalable architecture.
• Familiar user experience, reducing the need for employee retraining.
• Unified client for calling, messaging, meetings, and team collaboration that is usable across all device types.
• Compatibility with Cisco’s full portfolio of phones, gateways, and video devices.
• Integrates with Webex meetings, messaging, and calling as part of the Webex suite, enabling an amazing end-to-end customer experience.

Backup of UC Applications

Cisco backs up all UC applications deployed in Dedicated Instance every evening. The latest 4 acceptable backups are saved in the data center. The backups are password protected and will only be used to restore the UC application during disaster recovery.

In the event of a major hardware failure, if the entire cluster is down, the cluster can be reinstalled, and the data will be restored from the DRS backup taken daily. Depending on the size of the database and the components that you choose to restore, the system can be restored to the last known good backup.

Note: This is not a change backout strategy, and administrators will not have access to these backups.

Base Configuration in Control Hub

In Base configuration, the Dedicated Instance Webex Calling configuration in the Control Hub, which includes the Unified Communication application, is detailed at a high level.

Base Configuration includes configuration details about the Dedicated Instance for Webex Calling System Configuration (Dedicated Instance) that is built for a customer which includes Unified Communications (UC) applications:

• Cisco Unified Communication Manager (Unified CM).
• Cisco Unified Instant Message and Presence (IM&P).
• Cisco Unified Unity Connection (CUCxN) and
• Cisco Emergency Responder (CER).
• Edge components (Cisco Expressways).

Cisco Configured Components

Cisco configures multiple components in the Customer’s Dedicated Instance UC applications. For these components to be easily identifiable, Cisco inserts an “x” at the beginning of the component's name. This x prefix alerts partners to a Cisco-configured name that administrators should not modify or delete. This format is also used for Cisco’s Operational monitoring/readiness of the Dedicated Instance UC applications.

Administrators should not modify or delete any of the following unless the Dedicated Instance document explicitly mentions changing a customer-specific configuration in the SIP trunks:

• Region entries associated with resources in the Datacenter (DC), i.e., Conference bridges, SIP trunks, etc.
• Device pool entries that are associated with devices in Cisco’s Data Center.
• Security configurations as required
  • Credential policy configuration
  • SIP security profile configuration
• Cisco configured SIP Trunks for various services integration, i.e., RedSky, Inter-op trunk to Webex Calling Multi-tenant, etc.
• Cisco configures two CDR destinations in Unified CM to monitor the application and provide analytics in Control Hub for administrators.

Control Hub Webex Calling

Component	Cisco Assigned Name	Details
Location Services → Calling → Location	WXC-DI-<region>-LOC	Location is mandatory for the activation of Interop SIP trunk between Webex Calling and Dedicated Instance. The customer administrator must configure the Main Number for this default Location created.
SIP Trunk Services → Calling → Call Routing → Trunk	WXC-DI-<region>-<DC-1> WXC-DI-<region>-<DC-2>	SIP trunk one to each Dedicated Instance data center within a region is configured for basic interop between Webex Calling and Dedicated Instance. Note: These are default trunks created by Cisco and should not be modified or deleted.
Route Group Services → Calling → Call Routing → Route Group	WXC-DI-<region>-RG	Route Groups are configured with the Interop SIP trunks, and administrators can easily configure or link their custom Dial Plan to the default Route Group.

Network and Security Requirements

DNS Requirements

For Dedicated Instance, Cisco provides the FQDN for the service in each region with the following format <customer>.<region>.wxc-di.webex.com for example, xyz.amer.wxc-di.webex.com.

The administrator provides the ‘customer’ value as part of the First Time Setup Wizard (FTSW).

DNS records for this FQDN must be resolvable from the customer’s internal DNS server to support on-premise devices connecting to the Dedicated Instance. To facilitate resolution, the admin needs to configure a Conditional Forwarder, for this FQDN, on their DNS server pointing to the Dedicated Instance DNS service. The Dedicated Instance DNS service is regional and can be reached, via the peering to Dedicated Instance, using the following IP addresses mentioned in the below table.

Region/DC	Dedicated Instance DNS Service IP Address	Conditional Forwarding Example
AMER		<customer>.amer.wxc-di.webex.com
SJC	69.168.17.100
DFW	69.168.17.228
EMEA		<customer>.emea.wxc-di.webex.com
LON	178.215.138.100
AMS	178.215.138.228
EU		<customer>.eu.wxc-di.webex.com
FRA	178.215.131.100
AMS	178.215.131.228
APJC		<customer>.apjc.wxc-di.webex.com
SIN	103.232.71.100
TKY	103.232.71.228
AUS		<customer>.aus.wxc-di.webex.com
MEL	178.215.128.100
SYD	178.215.128.228

Note: The ping option is disabled for the above mentioned DNS server IPS addresses for security reasons.

Once the conditional forwarding is in place, devices will be able to register to the Dedicated Instance from the customer's internal network via the peering links. Conditional forwarding is not required for registration via Mobile and Remote Access (MRA), as all the required external DNS records to facilitate MRA will be pre-provisioned by Cisco.

When using the Webex application as your calling soft client on Dedicated Instance, a UC Manager Profile needs to be configured in Control Hub for each region’s Voice Service Domain (VSD).

Port Numbers and Protocols

The following tables describe the ports and protocols that are supported in Dedicated Instance. Ports that are used for a given customer depend on the Customer’s deployment and solution. Protocols depend on the customer’s preference (SCCP vs. SIP), existing on-premises devices, and what level of security to determine which ports are to be used in each deployment.

Note: Dedicated Instance doesn't allow Network Address Translation (NAT) between endpoints and Unified CM as some of the call flow features won't work.

The ports available for customers - between the Customer on-premises and Dedicated Instance are shown below. All the ports listed below are for customer traffic traversing the peering links.

Note: SNMP port is supported only for CER functionality and not for any other third-party monitoring tools.

Cisco reserves ports in the range of 5063 to 5080 for other cloud integrations.
Partner or customer administrators are recommended to refrain from using these ports in their configurations.

Protocol	TCP/UDP	Source	Destination	Source Port	Destination Port	Purpose
SSH	TCP	Client	UC applications	Greater than 1023	22	Administration
TFTP	UDP	Endpoint	Unified CM	Greater than 1023	69	Legacy Endpoint Support
LDAP	TCP	UC applications	External Directory	Greater than 1023	389	Directory sync to customer LDAP
HTTPS	TCP	Browser	UC applications	Greater than 1023	443	Web access for self-care and administrative interfaces
Outbound Mail (SECURE)	TCP	UC Application	CUCxn	Greater than 1023	587	Used to compose and send secure messages to any designated recipients
LDAP (SECURE)	TCP	UC applications	External Directory	Greater than 1023	636	Directory sync to customer LDAP
H323	TCP	Gateway	Unified CM	Greater than 1023	1720	Call signaling
H323	TCP	Unified CM	Unified CM	Greater than 1023	1720	Call signaling
SCCP	TCP	Endpoint	Unified CM, CUCxn	Greater than 1023	2000	Call signaling
SCCP	TCP	Unified CM	Unified CM, Gateway	Greater than 1023	2000	Call signaling
MGCP	UDP	Gateway	Gateway	Greater than 1023	2427	Call signaling
MGCP Blackhaul	TCP	Gateway	Unified CM	Greater than 1023	2428	Call signaling
SCCP (SECURE)	TCP	Endpoint	Unified CM, CUCxn	Greater than 1023	2443	Call signaling
SCCP (SECURE)	TCP	Unified CM	Unified CM, Gateway	Greater than 1023	2443	Call signaling
Trust Verification	TCP	Endpoint	Unified CM	Greater than 1023	2445	Providing trust verification service to endpoints
CTI	TCP	Endpoint	Unified CM	Greater than 1023	2748	Connection between CTI applications (JTAPI/TSP) and CTIManager
Secure CTI	TCP	Endpoint	Unified CM	Greater than 1023	2749	Secure connection between CTI applications (JTAPI/TSP) and CTIManager
LDAP Global Catalog	TCP	UC Applications	External Directory	Greater than 1023	3268	Directory sync to customer LDAP
LDAP Global Catalog	TCP	UC Applications	External Directory	Greater than 1023	3269	Directory sync to customer LDAP
CAPF Service	TCP	Endpoint	Unified CM	Greater than 1023	3804	Certificate Authority Proxy Function (CAPF) listening port for issuing Locally Significant Certificates (LSC) to IP phones
SIP	TCP	Endpoint	Unified CM, CUCxn	Greater than 1023	5060	Call signaling
SIP	TCP	Unified CM	Unified CM, Gateway	Greater than 1023	5060	Call signaling
SIP (SECURE)	TCP	Endpoint	Unified CM	Greater than 1023	5061	Call signaling
SIP (SECURE)	TCP	Unified CM	Unified CM, Gateway	Greater than 1023	5061	Call signaling
SIP (OAUTH)	TCP	Endpoint	Unified CM	Greater than 1023	5090	Call signaling
XMPP	TCP	Jabber Client	Cisco IM&P	Greater than 1023	5222	Instant Messaging and Presence
HTTP	TCP	Endpoint	Unified CM	Greater than 1023	6970	Downloading configuration and images to endpoints
HTTPS	TCP	Endpoint	Unified CM	Greater than 1023	6971	Downloading configuration and images to endpoints
HTTPS	TCP	Endpoint	Unified CM	Greater than 1023	6972	Downloading configuration and images to endpoints
HTTP	TCP	Jabber Client	CUCxn	Greater than 1023	7080	Voicemail notifications
HTTPS	TCP	Jabber Client	CUCxn	Greater than 1023	7443	Secure voicemail notifications
HTTPS	TCP	Unified CM	Unified CM	Greater than 1023	7501	Used by Intercluster Lookup Service (ILS) for certificate-based authentication
HTTPS	TCP	Unified CM	Unified CM	Greater than 1023	7502	Used by ILS for password-based authentication
IMAP	TCP	Jabber Client	CUCxn	Greater than 1023	7993	IMAP over TLS
HTTP	TCP	Endpoint	Unified CM	Greater than 1023	8080	Directory URI for Legacy Endpoint Support
HTTPS	TCP	Browser, Endpoint	UC applications	Greater than 1023	8443	Web access for self-care and administrative interfaces, UDS
HTTPS	TCP	Phone	Unified CM	Greater than 1023	9443	Authenticated contact search
HTTPs	TCP	Endpoint	Unified CM	Greater than 1023	9444	Headset Management Feature
Secure RTP/SRTP	UDP	Unified CM	Phone	16384 to 32767 *	16384 to 32767 *	Media (audio) - Music On Hold, Annunciator, Software Conference Bridge (Open based on call signaling)
Secure RTP/SRTP	UDP	Phone	Unified CM	16384 to 32767 *	16384 to 32767 *	Media (audio) - Music On Hold, Annunciator, Software Conference Bridge (Open based on call signaling)
COBRAS	TCP	Client	CUCxn	Greater than 1023	20532	Backup and Restore Application Suite
ICMP	ICMP	Endpoint	UC applications	n/a	n/a	Ping
ICMP	ICMP	UC applications	Endpoint	n/a	n/a	Ping
* Certain special cases may use a greater range.

Dedicated Instance - OTT Ports

Customers and Partners can use the following port for Mobile and Remote Access (MRA) setup:

Protocol	TCP/UCP	Source	Destination	Source Port	Destination Port	Purpose
SECURE RTP/RTCP	UDP	Expressway C	Client	Greater than 1023	36000-59999	Secure Media for MRA and B2B calls