Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CCM in our NT Domain or not?


We're a large enterprise and we currently manage several hundred NT/W2K servers. All the servers we own & manage today are part of a single domain.

We are now deploying our first few Call Managers for IPT. We're having a big debate internally as to whether we add the Call Managers to our existing domain or if we put them in a domain on their own. This is complicated by the fact that we intend to have a 3rd part help us support the IPT environment.

Is there a best practice regarding Call Manager & Windows Domain security? I expect that over time Cisco will move CM to an appliance platform (as they've done on other products) and I suspect that this may limit our choice, right?

I appreciate any input...


New Member

Re: CCM in our NT Domain or not?

I don't know of any best practice, but if it were my own system I would keep them separate.

The CCMs hold such a crucial part in one's network that I would try and separate them (from normal traffic, read virus) and secure them as much as possible.

But then again, that's just my personal opinion.

New Member

Re: CCM in our NT Domain or not?

I've seen documents indicating that Cisco recommends that Callmanagers be part of their own workgroup. They should not be member servers of a domain.

On the other hand, because of Unity requirements, those servers should be members servers of a domain.

There are also best practices documents relating to putting the servers in their own segments and installing certain ACL's to further protect the servers and phones from DOS attacks and such.

Your 'third party' should be up-to-date on these 'best practice' suggestions.

Ray Burkholder.

Cisco Employee

Re: CCM in our NT Domain or not?

I'd treat the phone system as such. It just so happens CCM runs on W2k. It's not a file share or print server.

CCM will be appliance-type server in the near future. Look for it in your local hardware stores (that was a joke).

For Unity, if your intention is to have unified messaging where you can check your email on your phone, and vm on Outlook, then by all means, join the existing domain with Exchange/Domino servers.

However if you are using VM only (that means your intention is just to check VM from phone), then it can certainly sit on it's own domain and probably should. That way, you keep it out of domain politics (although i've been told that does not exist)

H. M.


Re: CCM in our NT Domain or not?

Remember, CallManager(software PBX) install on Windows 2000 server, but they are actually a PHONE system. Have you seen PBX join domain(stuipd me), I mean PBX wont get any attack from hacker because they are isolated.

Therefore, dont try to make CCM join your existing domain, that what Cisco recommends anyway. I mean hacker still can attack CCM, but at least wont get affect if Domain goes down.

Make CCM has own workgroup, install Antivirus, configure ACL.