Installing Unity With Domino

Unanswered Question
Apr 3rd, 2010
User Badges:

Hi all,

I am preparing to install Unity with Domino and this is my first attempt.

In Unity Design guide I read the following:

If the Cisco Unity server is a member server, it should reside in the same highly available and connected network as a domain controller for that domain.

The Cisco Unity server should reside in the same highly available and connected network as the address book servers, the message store servers, and the mail drop server, or the customer will experience delays in message access, in directory replication, and in directory lookups.

In the first paragraph, Unity and Domain Controller in the same subnet.

In the second one, Unity and Domino in the same subnet.

What if the Domino and DC in different subnet??

One more thing if the DC is 2008 server is there any special considerations??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (6 ratings)
William Bell Sat, 04/03/2010 - 11:37
User Badges:
  • Purple, 4500 points or more

Well, I can see how you could interpret the language that way but that is not the intended interpretation. The "network" in this example is referring to your corporate LAN/MAN/WAN not an individual subnet on the LAN/MAN/WAN. Essentially, what Cisco is getting at is that they recommend you deploy your Unity server in a way where it has redundant network paths between itself and the DC/GC, address book servers, message store servers, etc. Moreover, the redundant network paths should provide adequate bandwidth.

So, Unity does not need to be in the same subnet or the same LAN switch as Domino services/servers or the AD DC/GC. It doesn't even need to be in the same switch block. You just want to make sure you have no single point of failure in the network between the Unity system and the key backend services. At the same time, you want to make sure that the bandwidth available between Unity and these other services is adequate enough to handle the frequency and size of the transactions Unity will need to perform as part of its normal operations. There is no exacting rule on bandwidth and opinions will vary widely. If you can say you have a 100Mbps available between the systems, that should be adequate, unless that 100Mbps link is running at 90% before even adding Unity to the equation.

I am not aware of any special considerations between Unity and MS Windows 2008. I know that it is supported:

That being said, I haven't had much opportunity to muck around with Unity and AD 2008. Though, I have integrated Unity-UM (Exchange) in a Windows 2008 environment (though the DC/GC servers were 2003. The Exchange servers were 2008 - not really pertinent to your configuration).

Anyway, you aren't stuck with using the same subnet for Unity, Domino, and MS. That's the important thing.




Please remember to rate helpful posts.

David Hailey Sat, 04/03/2010 - 12:24
User Badges:
  • Purple, 4500 points or more

Bill is spot on in his answer for you regarding the interpretation of the design guide.

As for Domino, the only limitation that you should be aware of (and you may already be) is that Unity 8x discontinues support for Lotus Domino.  The only supported message store types moving forward are currently Exchange 2003 and 2007.  In other words, Unity 5x and 7x are OK but that's as far as you can go.


Please rate helpful posts!

JustForVoice_2 Sat, 04/03/2010 - 12:35
User Badges:

Hi Bill,

Read this:

"Regardless of how you deploy Exchange, whether you have a distributed messaging deployment or a centralized deployment, Unity should be installed directly with Exchange and not separated through a WAN connection. This means Unity should be installed as close to Exchange as possible. Does this mean physically? No, of course not, but your goal should be to install Unity onto the same subnet."

This is from Cisco Unity Deployment and Solution Guide- Cisco Press,

Chapter 13: Planning a Unity Installation

Please remember to rate helpful posts

David Hailey Sat, 04/03/2010 - 13:16
User Badges:
  • Purple, 4500 points or more


I assure you that Unity is not required to be in the same subnet as Exchange.  In fact, our deployments are typically designed for separation of voice applications into their own dedicated IP space.  Here is an excerpt from the most recent Unity Design Guide:

"To ensure that Cisco Unity functions properly, we require that a  Cisco Unity server be in the same data center as the following servers:

The Exchange server that Cisco Unity  communicates with, commonly known as the partner Exchange server. For  more information on the partner Exchange server, see the "Exchange  Considerations (All Versions)" section.

Every Exchange server on which  mailboxes for that Cisco Unity server are homed. If Cisco Unity is  separated by a WAN from an Exchange server on which subscriber mailboxes  are homed, a second Cisco Unity server must be co-located with the  remote Exchange server.

At least one domain controller. If  Cisco Unity subscribers are homed in more than one domain, a DC for each  domain must be in the same data center as the Cisco Unity server.

At least one global catalog server.

At least one DNS server.

These requirements apply regardless of whether the non-Cisco Unity  servers are customer provided, or are Cisco provided and dedicated to  Cisco Unity.

Connect the Cisco Unity server and the servers that Cisco Unity relies  on with a high-speed switched gigabit network with no congestion. Total  MAPI response time must be less that 10 milliseconds.

The Cisco Unity server should be installed into the same Windows site as  the Exchange servers it services."

The 2 keys here are: MAPI and realizing that Unity is AD site aware.  So, with that said - the physical placement of servers can greatly influence the network connectivty available to other supporting services.  In a well-built network, it is highly likely that 2 servers within the same location will have low latency communications between each other...even though they may reside in separate VLANs.  Vice versa, being in a separate datacenter does not always equate to high-bandwidth intersite communications (although in many cases today, it does - i.e., high-speed MAN)  MAPI is the primary protocol for interactions with Exchange and Unity is also dependent upon replication of data to/from Active Directory.  So, there should be very little latency between Unity and the AD/Exchange environment for optimal performance.

This is not to say the excerpt cannot be taken literally as written; however, it is not a hard and fast requirement.


Please rate helpful posts!

William Bell Sat, 04/03/2010 - 13:23
User Badges:
  • Purple, 4500 points or more

I actually have that book. Good book and Linborg (the author) is a very active participant in this forum so maybe he can step in here. But, while we wait for that I would say that stating that the objective is to install Unity in the same subnet as the Exchange system is up for interpretation. I mean, are we talking about Microsoft subnets as defined in AD Sites and Services? If so, then I agree with the statement because in my experience people would define a subnet for their datacenter services which could be a whole range of computers. If we are talking about subnets from a router/switch point of view, then I disagree. While there isn't necessarily a problem with having the Exchange server and Unity server on the same broadcast domain (IP subnet) I don't see this as required and I could see reasons not to do this (maybe you desire a different set of security measures for Unity than Exchange?).

I have never installed unity in the same broadcast domain (IP subnet) as Exchange and I haven't had problems. Though, at the same time, I am not opposed to placing Unity with Exchange servers if that is what a customer really wants to do. From a security ACL perspective, I have learned that this latter approach is easier to manage because the nature of a MS domain and Exchange network is every server is a busy body (i.e. they all are up in each other's business ;-).

Now, my interpretation of the quote is that the author was thinking from a Microsoft point of view. With Exchange at least, you do want to make sure Unity is in the same "subnet" (from the MS AD Sites and Services perspective) and you do want them to be in the same "site" (not absolutely required, but a good idea from my understanding).

I also think the " close as possible..." is the generic and somewhat non-committal way of saying "make sure you got big pipes between A and B and make sure that you have redundant network paths". With Exchange, I try to ensure that I put the Unity server in the same data center distribution. The unity server is usually on a different access switch block. I typically do layer 3 to the access layer and in most of my deployments I will have three "route hops" between the unity system and Exchange/AD. Meaning, (1)L3 Access layer, (2)Data Center Distribution, (3) Exchange/AD L3 Access Layer. There are usually 1 Gig or even 10 Gig links between these layers or there will be multiple 1 Gig links in an etherchannel bundle. My objective is to put something in place where I feel I could have reliable 100Mbps throughput between Unity and Exchange. At the same time, all of these services are typically install in different broadcast domains (IP subnets).

+5 to you for quoting such a good book



JustForVoice_2 Sat, 04/03/2010 - 14:01
User Badges:

Thank you too muc for your detailed Answers and by mistake I put 4/5 for you post

I just need to check if you can help me in determine what is the requirements to install Unity with Domino, I tried to summrize all of them because I need to send it to the customer

1.       Domino Address Book .

2.       IP Address of Unity Server. ( I will not make it in the same subnet with Domino )

3.       DNS IP Address(s).

4.       Three Active Directory Domain Accounts

a.       One to Install Cisco Unity.( added to the Administrators group)

b.      Unity Services.( added to the Administrators group)

c.       Unity Administration. .( added to the Administrators group)

5.       Domino Administrator needs to:

a.       Create a group for Cisco Unity Servers, and grant the group Editor permissions for Admin4.nsf and Editor with Delete Documents permissions for Names.nsf.

b.      Confirm that the Unity Servers group has permissions required to create database and templates.

6.       csServer must be installed on each Domino server that homes Cisco Unity subscribers.

7.       csAdmin, the administration components of DUC for Support Cisco, must be installed on the Domino Server that pushes directory information out to the other Domino servers. csAdmin   installed only once for the domain.


David Hailey Sat, 04/03/2010 - 16:00
User Badges:
  • Purple, 4500 points or more

The design guide is good especially for the high-level.  However, you'll need/want to read the installation guide for Unity/Domino as well to ensure that you pick up any implementation details and/or requirements of note as these are not always highlighted in the design guides.


Please rate helpful posts!


This Discussion