Migrating from an on-premises UC environment to UCM Cloud for Government takes some careful planning and preparation. Here are some items to keep in mind before making the move.
UCM Cloud for Government (UCM-G) is a fully FedRAMP compliant system hosted by Cisco in FedRAMP compliant Webex Data Centers in Dallas, TX and San Jose, CA. The FedRAMP compliance restrictions create some additional considerations compared with an on-premises system. Here are some best practices to consider when preparing:
- Everything MUST be secure:
- There is no way to turn off security for UCM-G. A system setting that blocks any unencrypted phone cannot be disabled, so every call within the UCM Cloud environment must be secure. This includes ad-hoc conferencing and any digital-to-analog devices.
- All endpoints must be TLS 1.2 compatible, including any 3rd party systems and endpoints.
- The Cisco 7900 series and other older model Cisco IP Phones are only compatible with TLS 1.0, but a security waiver can be signed by the customer if they accept the lower security level.
- If you have an on-premises Cisco UCM cluster today, the cluster must also be secure, or a Cisco CUBE or another SBC will need to be used to convert RTP to secure RTP (sRTP).
- All CUBEs and voice gateways must have a UC and Security license to enable sRTP.
- Connectivity Options
- UCM Cloud for Government can only be peered with a Partner Connection model. Please refer to the UCM Cloud and UCM Cloud for Government Peering Options document for further information.
- BGP routing is required for full routing redundancy.
- The customer will choose a /24 network address space that is not used on their network for UCM Cloud. From the /24, two /25s will be created and split between Dallas and San Jose. Those /25s will be used for routing and to assign IP addresses to the UCM Cloud servers in each data center.
- A firewall between the customer and Cisco/Presidio is not mandatory but is highly recommended. The cloud is inherently secure, but it’s still the customer’s responsibility to protect themselves from Cisco/Presidio.
- Other System Considerations
- The customer must provide an HTTP proxy if they plan on utilizing Single Inbox for Unity Connection (voicemail to email).
- Cisco will provide certificates to any system hosted in the cloud. Cisco will not provide certificates for on-premises devices like Cisco CUBEs. However, if the customer has their own CA server and would like to utilize that instead of Hydrant ID, which Cisco uses, the customer can sign all the certs within the Cisco cloud.
- Single Sign On (SSO) is a mandatory requirement and Cisco’s IdP proxy will be utilized. Any SAML 2.0 identity provider should work with UCM Cloud.
- Cisco Unified Contact Center Express (UCCX) is not a FedRAMP authorized cloud solution. UCCX must stay on-premises during the cutover. All UCCX agents must move at the same time to a replacement system, or a UCCX server must stay on-premises. Please refer to the FedRAMP Contact Center document for further Contact Center options.
- Cutover Considerations
- Migrating old or inconsistent data is not a good practice. A PBX cleanup before any data migration is recommended so only clean data is moved to UCM Cloud.
- Come up with a cutover plan that allows users and phones to be migrated over a set amount of time without interruption to day-to-day business.
- If the customer already has a somewhat recent version of UCM on-premises today, a lot of that data can be migrated to the cloud. There are methods in place to move phones from one cluster to another with little impact.
- Ensure your PSTN strategy is thought out. Are existing circuits being used or are new trunks being purchased? One cutover strategy is porting numbers from the old circuits/trunks to the new PSTN connection. If that is not the case, then numbers will need to be moved at the existing CUBE/SBC during the cutover. A solid CUBE strategy will need to be developed to handle that quantity of numbers going between 2 clusters.
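The /24 selection described under Connectivity Options can be checked before it is submitted. The following is an added example, not from Cisco or Presidio: it finds a /24 that overlaps nothing already routed on the customer network and splits it into the two /25s. The prefix list, the function names and the assignment of the lower /25 to Dallas are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: prefixes already routed on the customer network.
IN_USE = ["10.0.0.0/16", "10.1.4.0/22", "172.16.0.0/12", "192.168.10.0/24"]

def overlaps_in_use(candidate, in_use):
    """Return every in-use prefix that overlaps the candidate network.
    This catches supernets (a summary route covering the candidate)
    as well as more-specific subnets inside it."""
    cand = ipaddress.ip_network(candidate, strict=True)
    return [p for p in in_use if cand.overlaps(ipaddress.ip_network(p))]

def first_free_24(pool, in_use):
    """Walk a pool and return the first /24 that overlaps nothing in use."""
    used = [ipaddress.ip_network(p) for p in in_use]
    for net in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not any(net.overlaps(u) for u in used):
            return net
    return None

def plan_ucm_block(candidate, in_use, sites=("Dallas", "San Jose")):
    """Validate a candidate /24 and split it into one /25 per data center.
    Which half goes to which site is an assumption; the provider decides."""
    cand = ipaddress.ip_network(candidate, strict=True)  # rejects host bits
    if cand.version != 4 or cand.prefixlen != 24:
        raise ValueError(f"{cand} is not an IPv4 /24")
    clashes = overlaps_in_use(candidate, in_use)
    if clashes:
        raise ValueError(f"{cand} overlaps in-use prefixes: {clashes}")
    return dict(zip(sites, cand.subnets(new_prefix=25)))

if __name__ == "__main__":
    block = first_free_24("10.0.0.0/14", IN_USE)
    for site, net in plan_ucm_block(str(block), IN_USE).items():
        print(f"{site}: {net} ({net.num_addresses} addresses)")
```
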
Moving to the cloud is not a difficult task if the proper plans are put into place. UCM Cloud for Government provides plenty of benefits over an on-premises setup and should be considered for the future. Please do not hesitate to contact Presidio Federal or your Cisco Account Manager if you have any further questions!